Category FILE
Started On 2018-02-06 16:51:36
Completed On 2018-02-06 17:01:55
Duration 619 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2018-02-06 16:51:36
Shutdown On 2018-02-06 17:01:53

File Details

File name dboardman3_malware3.exe
File size 95744 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 791527C6
MD5 e0a7c2537392e600b61068538b25da3a
SHA1 0a7905ac8f654bc9163778c824d0b959fbce4b86
SHA256 9692cb90603f413a01b712c8abfad3b3beac70a233fd2b9961b34c9ae38deee8
SHA512 fe98075143cbbec0ae6e79ec3b9f0af1c76e801a34c308abd6d141beff75b76ee3e20f1b1484c51feadd0814ec11f1d244429690a9e7519e0c692c67d79302d9
Ssdeep 1536:6eOmsWjcdW3j3eikiKciHzkLIED7j579Z8iSikh2PlEmc8+a4k/U:6eOJWT3ezciHzEp9ZuiZc8F
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

Signatures

No signatures matched

Static Analysis

Sections

Imports

Strings

Dropped Files

dboardman3_malware3.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\dboardman3_malware3.exe
Mutexes
  • IPKillerClient
Registry Keys
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Processes

dboardman3_malware3.exe PID: 252, Parent PID: 1932

iexplore.exe PID: 720, Parent PID: 252

iexplore.exe PID: 216, Parent PID: 720

Volatility

Nothing to display.